Wireless Kernel Tweaking
or how B.A.T.M.A.N. learned to fly
Kernel hacking definitely is the queen of coding, but in order to bring mesh routing that one vital step further we had to conquer this, for us, uncharted territory. Working in the kernel itself is a tough and difficult task to manage, but the results and effectiveness to be gained justify the long and hard road to success. We took on the mission to go down that road, and the result is B.A.T.M.A.N. advanced, a kernel-land implementation of the B.A.T.M.A.N. mesh routing protocol specifically designed to manage wireless MANs.
1. Introduction
Walking down the layers
Into kernelspace
That's it!
Marek Lindner, Simon Wunderlich
December 28, 2007
Marek Lindner, Simon Wunderlich Wireless Kernel Tweaking
Outline
1 Introduction
what is a (dynamic) routing protocol?
the B.A.T.M.A.N. approach
2 Walking down the layers
layer 3 vs. layer 2
implementation issues
bridging
3 Into kernelspace
what's different
interacting with the kernel
4 That's it!
Example scenario - 6:00
Example scenario - 23:00
Example scenario (2)
Introduction to B.A.T.M.A.N.
B.A.T.M.A.N. = better approach to mobile adhoc networks
only decide next neighbour, not whole route
topology is not used or known by nodes
routing decisions are distributed by the nodes
designed for lossy networks
the routing protocol's internals are out of scope, we just assume it works ;)
Layer 3 - isn't that enough?
B.A.T.M.A.N. alters routing tables
kernel manages routing of payload traffic
this works only for IP, no IPv6, DHCP, IPX ...
users have to make sure that everyone has a unique IP
routing into/outside other networks is quite complex
Let's try layer 2
write userspace proof-of-concept, then go to kernelspace
instead of IPs, use MAC addresses as identifiers (should be[TM] unique per design)
we provide a virtual switch-port bat0 to the user
virtual Ethernet interface (TAP), all other nodes are just one (virtual) hop away
IP, IPv6, DHCP, IPX already work on Ethernet, we have nothing to do
can be used as bridge over multiple interfaces (e.g. WiFi and Ethernet)
Usage
provide a virtual switch-port bat0 to the user
    kero:/# ifconfig bat0
    bat0      Link encap:Ethernet  HWaddr 00:13:37:91:42:37
              inet6 addr: fe80::217:13ff:fe37:4237/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1472  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:0 (0.0 B)  TX bytes:328 (328.0 B)
participants set IP addresses (etc.) on their bat0 interface
    kero:/# ifconfig bat0 inet 192.168.10.23
    kero:/# route add default gw 192.168.10.23
    (or even better:)
    kero:/# dhclient bat0
All the layer 2 belong to us!
B.A.T.M.A.N. transports the Ethernet frame to the node with the destination MAC
it does not care about IP addresses etc., just like your switch
OGMs and payload are encapsulated in our own Ethernet frames (Ethertype 0x0842)
Implementation
TAP interface bat0 receives/sends Ethernet frames from the user
we decide which neighbour should receive it, based on the B.A.T.M.A.N. algorithm
Bridging support
B.A.T.M.A.N. collects MACs of participants behind the bridge
These lists are announced via HNA messages and flooded to all B.A.T.M.A.N. nodes
With this, we have a decentralized MAC translation table
Visualization
Nice side effect: with the HNA information, the whole topology with the nodes behind the APs becomes visible
Great - and now?
proof-of-concept implementation in userspace works quite well
the problem is: performance!
it should also run well on minimal embedded systems (Access Points, Cell Phones)
typical path is:
    select(): wait for a packet
    read() it
    find next hop, update tables etc. (pretty fast)
    write() it
system calls for read/write take a very long time (switch to kernel mode and back, copy overhead)
becomes a problem with high bandwidth usage, peak performance of the NICs can't be reached
Put it into kernelspace
no useless message copy (recycle kernel buffers)
no syscalls and no user/kernel mode switch
kernel works asynchronously and preemptively
asynchronous packet handling possible
Living in the kernelspace
the proc filesystem
    # ls /proc/net/batman-adv/
    gateways
    interfaces
    log
    log_level
    originators
    orig_interval
activating batman-adv
    # echo wlan0 > /proc/net/batman-adv/interfaces
deactivating batman-adv
    # echo "" > /proc/net/batman-adv/interfaces
Logging merits special attention
the log level
    # cat /proc/net/batman-adv/log_level
    [x] critical (0)
    [ ] warnings (1)
    [ ] notices (2)
    [ ] batman (4)
    [ ] routes (8)
setting the log level
    # echo 3 > /proc/net/batman-adv/log_level
    # cat /proc/net/batman-adv/log_level
    [x] critical (0)
    [x] warnings (1)
    [x] notices (2)
    [ ] batman (4)
    [ ] routes (8)
reading the log
    # cat /proc/net/batman-adv/log
    [626] B.A.T.M.A.N. Advanced 0.1-alpha (compability version 1)
    [971] Changing log_level from: 0 to: 3
Kernel development
don't be scared
the kernel is a big library for all your hacking needs
debugging techniques:
clean programming - think before you insmod
printk - tells you what's up
kernel oops - gives you the stack trace
UML - safer debugging
again: don't panic! :-)
Battool
there is no ICMP on Layer 2
we still want to ping, traceroute etc to debug the network
implement own ICMP protocol into batman-adv protocol
battool provides ping, traceroute and raw packet dump
injects and receives special packets into unix socket (userspace) or device (kernelspace)
Links
http://open-mesh.net/
https://dev.open-mesh.net/batman
Thank you!